qcacld-3.0: Avoid peer access after peer deletion

Currently, peer can be accessed after deletion in hdd because cdp_clear_peer tries to remove peer from physical device after deletion of peer in datapath. Fix is to remove cdp_clear_peer from hdd as it is handled by cdp_peer_delete which invokes dp_peer_delete_wifi3. dp_peer_delete_wifi3 further invokes dp_peer_rx_bufq_resources_deinit and dp_peer_rx_bufq_resources_deinit does job of cdp_clear_peer. Change-Id: I9013b6f0ba860b9d9309e734806e592cf13934c6 CRs-Fixed: 2662867
2020-04-13 18:10:21 +05:30 · 2020-04-13 18:10:21 +05:30 · fb4299929b
commit fb4299929b
parent 451f7bf96c
4 changed files with 3 additions and 91 deletions
--- a/core/hdd/inc/wlan_hdd_assoc.h
+++ b/core/hdd/inc/wlan_hdd_assoc.h
@ -438,17 +438,6 @@ bool hdd_save_peer(struct hdd_station_ctx *sta_ctx,
 void hdd_delete_peer(struct hdd_station_ctx *sta_ctx,
 		     struct qdf_mac_addr *peer_mac_addr);

-/**
- * hdd_roam_deregister_sta() - deregister station
- * @adapter: pointer to adapter
- * @sta_id: station identifier
- * @mac_addr: peer mac address
- *
- * Return: QDF_STATUS enumeration
- */
-QDF_STATUS hdd_roam_deregister_sta(struct hdd_adapter *adapter,
-				   struct qdf_mac_addr mac_addr);
-
 #ifdef WLAN_FEATURE_ROAM_OFFLOAD
 QDF_STATUS
 hdd_wma_send_fastreassoc_cmd(struct hdd_adapter *adapter,
--- a/core/hdd/src/wlan_hdd_assoc.c
+++ b/core/hdd/src/wlan_hdd_assoc.c
@ -1626,23 +1626,6 @@ static void hdd_clear_roam_profile_ie(struct hdd_adapter *adapter)
 	hdd_exit();
 }

-QDF_STATUS hdd_roam_deregister_sta(struct hdd_adapter *adapter,
-				   struct qdf_mac_addr mac_addr)
-{
-	QDF_STATUS qdf_status;
-
-	qdf_status = cdp_clear_peer(cds_get_context(QDF_MODULE_ID_SOC),
-				    OL_TXRX_PDEV_ID, mac_addr);
-	if (!QDF_IS_STATUS_SUCCESS(qdf_status)) {
-		hdd_err("cdp_clear_peer() failed for sta mac: "
-			QDF_MAC_ADDR_STR ". Status(%d) [0x%08X]",
-			QDF_MAC_ADDR_ARRAY(mac_addr.bytes),
-			qdf_status, qdf_status);
-	}
-
-	return qdf_status;
-}
-
 /**
 * hdd_print_bss_info() - print bss info
 * @hdd_sta_ctx: pointer to hdd station context
@ -1697,7 +1680,6 @@ static QDF_STATUS hdd_dis_connect_handler(struct hdd_adapter *adapter,
 					  eCsrRoamResult roam_result)
 {
 	QDF_STATUS status = QDF_STATUS_SUCCESS;
-	QDF_STATUS vstatus;
 	struct net_device *dev = adapter->dev;
 	struct hdd_context *hdd_ctx = WLAN_HDD_GET_CTX(adapter);
 	struct hdd_station_ctx *sta_ctx = WLAN_HDD_GET_STATION_CTX_PTR(adapter);
@ -1838,38 +1820,8 @@ static QDF_STATUS hdd_dis_connect_handler(struct hdd_adapter *adapter,
 						 adapter->vdev_id,
 						 SCAN_EVENT_TYPE_MAX, true);
 	}
-	if (eCSR_ROAM_IBSS_LEAVE == roam_status) {
-		uint8_t i;
-
-		vstatus = hdd_roam_deregister_sta(adapter,
-						  sta_ctx->conn_info.bssid);
-		if (QDF_IS_STATUS_ERROR(vstatus))
-			status = QDF_STATUS_E_FAILURE;
-
-		/* Clear all the peer sta register with TL. */
-		for (i = 0; i < MAX_PEERS; i++) {
-			struct qdf_mac_addr mac_addr =
-				sta_ctx->conn_info.peer_macaddr[i];
-
-			if (!hdd_is_valid_mac_address(mac_addr.bytes))
-				continue;
-
-			hdd_debug("Deregister Sta " QDF_MAC_ADDR_STR,
-				  QDF_MAC_ADDR_ARRAY(mac_addr.bytes));
-
-			vstatus = hdd_roam_deregister_sta(adapter, mac_addr);
-
-			if (QDF_IS_STATUS_ERROR(vstatus))
-				status = QDF_STATUS_E_FAILURE;
-			/* set the peer mac as 0, all other
-			 * reset are done in hdd_conn_remove_connect_info.
-			 */
-			qdf_mem_zero(&sta_ctx->conn_info.peer_macaddr[i],
-				sizeof(struct qdf_mac_addr));
-
-		}
-	} else {
 		/* clear scan cache for Link Lost */
+	if (roam_status != eCSR_ROAM_IBSS_LEAVE) {
 		if (eCSR_ROAM_LOSTLINK == roam_status) {
 			wlan_hdd_cfg80211_unlink_bss(adapter,
 				sta_ctx->conn_info.bssid.bytes,
@ -1878,8 +1830,8 @@ static QDF_STATUS hdd_dis_connect_handler(struct hdd_adapter *adapter,
 			sme_remove_bssid_from_scan_list(mac_handle,
 			sta_ctx->conn_info.bssid.bytes);
 		}
-
 	}
+
 	/* Clear saved connection information in HDD */
 	hdd_conn_remove_connect_info(sta_ctx);
 	/*
@ -3986,8 +3938,6 @@ roam_roam_connect_status_update_handler(struct hdd_adapter *adapter,
 			 QDF_MAC_ADDR_ARRAY(sta_ctx->conn_info.bssid.bytes),
 			 roam_info->staId);

-		hdd_roam_deregister_sta(adapter, roam_info->peerMac);
-
 		sta_ctx->ibss_sta_generation++;

 		cfg80211_del_sta(adapter->dev,
@ -4074,6 +4024,7 @@ QDF_STATUS hdd_roam_deregister_tdlssta(struct hdd_adapter *adapter,

 	return qdf_status;
 }
+
 #endif

 #ifdef WLAN_FEATURE_11W
@ -4647,7 +4598,6 @@ hdd_sme_roam_callback(void *context, struct csr_roam_info *roam_info,
 	QDF_STATUS qdf_ret_status = QDF_STATUS_SUCCESS;
 	struct hdd_adapter *adapter = context;
 	struct hdd_station_ctx *sta_ctx = NULL;
-	QDF_STATUS status = QDF_STATUS_SUCCESS;
 	struct cfg80211_bss *bss_status;
 	struct hdd_context *hdd_ctx;

@ -4701,11 +4651,6 @@ hdd_sme_roam_callback(void *context, struct csr_roam_info *roam_info,
 		wlan_hdd_netif_queue_control(adapter,
 				WLAN_STOP_ALL_NETIF_QUEUE,
 				WLAN_CONTROL_PATH);
-		status = hdd_roam_deregister_sta(
-					adapter,
-					sta_ctx->conn_info.peer_macaddr[0]);
-		if (!QDF_IS_STATUS_SUCCESS(status))
-			qdf_ret_status = QDF_STATUS_E_FAILURE;
 		sta_ctx->ft_carrier_on = true;
 		sta_ctx->hdd_reassoc_scenario = true;
 		hdd_debug("hdd_reassoc_scenario set to: %d, due to eCSR_ROAM_FT_START, session: %d",
--- a/core/hdd/src/wlan_hdd_nan_datapath.c
+++ b/core/hdd/src/wlan_hdd_nan_datapath.c
@ -816,7 +816,6 @@ void hdd_ndi_drv_ndi_delete_rsp_handler(uint8_t vdev_id)
 		return;
 	}

-	hdd_roam_deregister_sta(adapter, adapter->mac_addr);
 	hdd_delete_peer(sta_ctx, &bc_mac_addr);

 	wlan_hdd_netif_queue_control(adapter,
@ -953,7 +952,6 @@ void hdd_ndp_peer_departed_handler(uint8_t vdev_id, uint16_t sta_id,
 		return;
 	}

-	hdd_roam_deregister_sta(adapter, *peer_mac_addr);
 	hdd_delete_peer(sta_ctx, peer_mac_addr);

 	if (last_peer) {
--- a/core/hdd/src/wlan_hdd_softap_tx_rx.c
+++ b/core/hdd/src/wlan_hdd_softap_tx_rx.c
@ -1055,7 +1055,6 @@ QDF_STATUS hdd_softap_rx_packet_cbk(void *adapter_context, qdf_nbuf_t rx_buf)
 QDF_STATUS hdd_softap_deregister_sta(struct hdd_adapter *adapter,
 				     struct hdd_station_info **sta_info)
 {
-	QDF_STATUS qdf_status = QDF_STATUS_SUCCESS;
 	struct hdd_context *hdd_ctx;
 	struct qdf_mac_addr *mac_addr;
 	struct hdd_station_info *sta = *sta_info;
@ -1091,25 +1090,6 @@ QDF_STATUS hdd_softap_deregister_sta(struct hdd_adapter *adapter,
 	else
 		mac_addr = &sta->sta_mac;

-	/* Clear station in TL and then update HDD data
-	 * structures. This helps to block RX frames from other
-	 * station to this station.
-	 */
-
-	hdd_debug("Deregistering sta: " QDF_MAC_ADDR_STR,
-		  QDF_MAC_ADDR_ARRAY(sta->sta_mac.bytes));
-
-	qdf_status = cdp_clear_peer(
-			cds_get_context(QDF_MODULE_ID_SOC),
-			OL_TXRX_PDEV_ID,
-			*mac_addr);
-	if (!QDF_IS_STATUS_SUCCESS(qdf_status)) {
-		hdd_debug("cdp_clear_peer failed for sta: " QDF_MAC_ADDR_STR
-			", Status=%d [0x%08X]",
-			QDF_MAC_ADDR_ARRAY(mac_addr->bytes), qdf_status,
-			qdf_status);
-	}
-
 	if (ucfg_ipa_is_enabled()) {
 		if (ucfg_ipa_wlan_evt(hdd_ctx->pdev, adapter->dev,
 				      adapter->device_mode,